September, 2018

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.”. One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. Related video: Why it’s high time to protect unstructured data. Ironically, many victimized companies are paying hefty ransoms to decrypt unstructured data that may not be all that sensitive or mission critical.

Facebook hacked – 50 Million Users’ Data exposed in the security breach

Security Affairs

Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet.

Access 113

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history.

Tools 285

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Data Breach Today

Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine Credit bureau Equifax has been hit with the maximum possible fine under U.K.

Mmm. Pi-hole.

Troy Hunt

I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free.

Video 114

NSA Attacks Against Virtual Private Networks

Schneier on Security

A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems.".

More Trending

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

Security Affairs

The FBI Internet Crime Complaint Center (IC3) warns of cyber attacks exploiting Remote Desktop Protocol (RDP) vulnerabilities. Remote Desktop Protocol (RDP) is a widely adopted protocol for remote administration, but it could dramatically enlarge the attack surface if it isn’t properly managed.

GovPayNow.com Leaks 14M+ Records

Krebs on Security

Government Payment Service Inc. — a company used by thousands of U.S.

Tips 250

Ransomware Crypto-Locks Port of San Diego IT Systems

Data Breach Today

Port Remains Open and Accessible to Ships, Officials Say Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline.

Extended Validation Certificates are Dead

Troy Hunt

That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!),

Quantum Computing and Cryptography

Schneier on Security

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today.

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. Skelly started out as a U.S. Army Explosive Ordnance Disposal (EOD) Technician. “I I was on the EOD team that was actually assigned to the White House during 9/11, so I got to see our national response framework from a very high level,” she says.

Cracked Windows installations are serially infected with EternalBlue exploit code

Security Affairs

According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code. The EternalBlue , is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack.

Study 113

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

Krebs on Security

The U.S.

Video 241

Europe Catches GDPR Breach-Notification Fever

Data Breach Today

Privacy Law is Fast Revealing the True Extent of Data Breaches Across UK and EU Less than four months after GDPR went into enforcement, Europe has arguably entered the modern data breach era.

GDPR 241

The Effectiveness of Publicly Shaming Bad Security

Troy Hunt

Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter.

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

WIRED Threat Level

Weak encryption in the cars' key fobs allows all-too-easy theft, but you can set a PIN code on your Tesla to protect it. Security

NEW TECH: Critical Start applies ‘zero-trust’ security model to managed security services

The Last Watchdog

All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more. Related: Delivering useful intel to MSSPs. Companies are gravitating to MSSPs in a big way.

CVE-2018-1718 -Google Project Zero reports a new Linux Kernel flaw

Security Affairs

Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn.

In a Few Days, Credit Freezes Will Be Fee-Free

Krebs on Security

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents.

Tools 221

'Magecart' Card-Sniffing Gang Cracks Newegg

Data Breach Today

E-Commerce Site Investigates Malware Attack and Payment Card Data Theft Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month.

Retail 227

Serverless to the Max: Doing Big Things for Small Dollars with Cloudflare Workers and Azure Functions

Troy Hunt

As time has gone by, one of the things I've enjoyed the most in running Have I Been Pwned (HIBP) is seeing how far I could make the dollars stretch. How big can it go whilst at the same time, running it on a shoestring?

Counting People Through a Wall with WiFi

Schneier on Security

Interesting research : In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other.

Paper 109

Are You Ever Finished With Information Governance?

Weissman's World

We at Holly Group spend our days working with clients to help them improve their Current State of information and move them towards their desired Future State. But a recent conversation with one of them raised a very interesting question: Is it possible for an organization to ever be finished?

Hackers target Port of Barcelona, maritime operations had not affected

Security Affairs

The Port of Barcelona was hit by a cyber attack, fortunately, maritime operations had not affected. On September 20, 2018 morning, the Port of Barcelona was hit by a cyber attack that forced the operators of the infrastructure to launch the procedure to respond to the emergency.

Beware of Hurricane Florence Relief Scams

Krebs on Security

Tips 218

Wielding EternalBlue, Hackers Hit Major US Business

Data Breach Today

Luckily, Firm Was Only Infected With Cryptocurrency-Mining Malware Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S.

Mining 218

Social Media Too Shall Pass

John Battelle's Searchblog

At dinner last night with my wife and our 14 year-old daughter, I noticed a circular table of four teenage girls eating alone. They were about the same age as my daughter, who wasn’t exactly thrilled to be stuck with her parents as company on her first weekend of the school year.

Groups 107

Public Shaming of Companies for Bad Security

Schneier on Security

Troy Hunt makes some good points , with good examples. psychologyofsecurity securityengineering securitypolicies

Need an Information Roadmap? First Know Where You Are

Weissman's World

Throughout my years of working with organizations on their information management and technology initiatives, I have often heard clients and vendors say “Where is the roadmap?” and “We need a roadmap.” My response is always the same: First you must know where you are. What is the current state?

Groups 156

Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled

Security Affairs

The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code.

IoT 109

U.S. Mobile Giants Want to be Your Online Identity

Krebs on Security

The four major U.S.

Police in Europe Tie Card Fraud to People-Smuggling Gang

Data Breach Today

NEW TECH: WhiteSource leverages automation to mitigate lurking open-source vulnerabilities

The Last Watchdog

Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors. In today’s world, quick innovations are a necessity, and software developers would rather not lose valuable time reinventing the wheel.